W6GKD: Difference between revisions
Brian Wilson (talk | contribs) mNo edit summary |
Brian Wilson (talk | contribs) mNo edit summary |
||
Line 55: | Line 55: | ||
Install a WARP client on Android it's called "Cloudflare One Agent", there is a separate WARP client but you don't need that. | Install a WARP client on Android it's called "Cloudflare One Agent", there is a separate WARP client but you don't need that. | ||
WARP is the client side of a Zero Trust VPN client but routes all traffic from the device it's installed on through a proxy operated by Cloudflare. I put it on my tablet | WARP is the client side of a Zero Trust VPN client but routes all traffic from the device it's installed on through a proxy operated by Cloudflare. I put it on my tablet and my laptop. The laptop version allows selective use; this means I can decide which web sites get tunneled and which go direct. | ||
== Enabled swap == | == Enabled swap == | ||
Line 93: | Line 93: | ||
Since https://w6gkd.radio/ is proxied through Cloudflare I did not have to set up HTTPS. | Since https://w6gkd.radio/ is proxied through Cloudflare I did not have to set up HTTPS. | ||
This is convenient. But it means traffic between Cloudflare and Tektonic is not encrypted yet. | This is convenient. But it means traffic between Cloudflare and Tektonic is not encrypted yet. | ||
== Resources == | |||
Download WARP clients for Cloudflare Zero Trust [https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/download-warp/ here]. | |||
[[Category:Radio]] | [[Category:Radio]] |
Revision as of 16:12, 10 January 2024
W6GKD is my call sign and it's also the name of a virtual server that hosts services for me.
Currently it runs Debian 11.
Some hostnames supported here are proxied in Cloudflare. For direct connection via ssh use w6gkd.wildsong.biz.
History
2024-01-09 I am out of RAM and out of disk space and out of swap space. I could upgrade again to 2 GB and 40GB at $10/month but it just staves off feature creep. Instead I will do some relocating. I don't even have enough disk space to increase swap space right now.
2022-04-24 Upgraded to CS-2 machine, giving me 1GB RAM and 30GB filespace. ($2.5 -> $4/month)
2021-12-24 Provisioned at Debian 10.04 then upgraded immediately to Bullseye (Debian 11)
Cloudflare Zero Trust
I need to move some resources off of this virtual machine because I am running out of space. I can use a third party proxy to relocate services to other servers. The proxy could be the Cloudflare Zero Trust service. I should be able to completely eliminate the Varnish cache and reverse proxy running on this host and then I can move my wiki to an Oracle VM and then put a database replica on Bellman.
What runs here? | Can I move it? | Where? | Notes |
---|---|---|---|
ssh | no | use a different dns name to access it | |
wiki | yes | Oracle | Requires PHP and MySQL. Replicate database on Bellman. Use webhooks to back up files. |
hupi.org | yes | Oracle | Requires PHP |
smtp | no | not worth it | |
imap | no | not worth it | |
Varnish | no | | |
WARP
Install a WARP client. On Android it's called "Cloudflare One Agent"; there is a separate WARP client but you don't need that.
WARP is the client side of a Zero Trust VPN; it routes all traffic from the device it's installed on through a proxy operated by Cloudflare. I put it on my tablet and my laptop. The laptop version allows selective use; this means I can decide which web sites get tunneled and which go direct.
Enabled swap
While I wait for the CS-1 to CS-2 upgrade, and while experiencing lockups due to memory exhaustion, I enabled swap.
https://help.ubuntu.com/community/SwapFaq#What_is_swappiness_and_how_do_I_change_it.3F
```
# Reserve a 1 GiB file to use as swap
fallocate -l 1g /mnt/1GiB.swap
# Swap can hold memory contents, so keep the file readable by root only
chmod 600 /mnt/1GiB.swap
mkswap /mnt/1GiB.swap
swapon /mnt/1GiB.swap
# Re-enable the swap file on every boot
echo '/mnt/1GiB.swap swap swap defaults 0 0' | sudo tee -a /etc/fstab
```

```
free
              total        used        free      shared  buff/cache   available
Mem:         471680      276880       15992        1884      178808      180696
Swap:       1048572       67156      981416
                          ^^^^^
```
yep - doing "docker-compose up" hits swap space.
Packages installed
sudo certbot python-certbot-dns-cloudflare-doc python3-certbot-dns-cloudflare postfix postgrey
Docker installed from https://docs.docker.com/engine/install/debian/
I stood up an instance of nginx to get things tested using the command

```
docker run --name w6gkd -v /home/bwilson/html:/usr/share/nginx/html:ro -p 80:80 -d nginx
```
Since https://w6gkd.radio/ is proxied through Cloudflare I did not have to set up HTTPS. This is convenient. But it means traffic between Cloudflare and Tektonic is not encrypted yet.
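One way to confirm whether the Cloudflare-to-origin leg described above is encrypted, as an added example that is not part of the original wiki page. `probe_origin` is a hypothetical helper; run it against the origin's own direct name and port, not the Cloudflare-proxied name, which would only test Cloudflare's edge.

```python
import socket
import ssl
import sys


def probe_origin(host, port, timeout=3.0):
    """Classify a listener as 'tls', 'plaintext-http', 'closed' or 'unknown'."""
    # Certificate checks are off on purpose: the only question asked here
    # is whether the listener encrypts at all, not whether its cert is valid.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"
    except OSError:  # ssl.SSLError and timeouts are OSError subclasses
        raw.close()  # handshake failed; fall through to the plaintext test

    # Second attempt on a fresh connection: does it answer plain HTTP?
    request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    reply = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(request.encode("ascii"))
            while len(reply) < 5:
                chunk = s.recv(64)
                if not chunk:
                    break
                reply += chunk
    except OSError:
        return "unknown"
    return "plaintext-http" if reply.startswith(b"HTTP/") else "unknown"


if __name__ == "__main__":
    # Usage: python probe.py <origin-host>   (host name supplied by the operator)
    origin = sys.argv[1]
    for p in (80, 443):
        print(f"{origin}:{p} -> {probe_origin(origin, p)}")
```

A result of `plaintext-http` on port 80 with `closed` on port 443 matches the setup on this page: the container publishes only port 80, so anything Cloudflare fetches from the origin crosses the network unencrypted.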
Resources
Download WARP clients for Cloudflare Zero Trust here: https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/download-warp/